mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-11-29 00:16:32 +00:00
prepping for ipsilon role
This commit is contained in:
parent
63abc4341d
commit
6822dfe739
@ -9,9 +9,6 @@ ipaserver
|
|||||||
ipareplicas
|
ipareplicas
|
||||||
ipaclients
|
ipaclients
|
||||||
|
|
||||||
[ipsilon]
|
|
||||||
idp001 ansible_host=10.100.x.x
|
|
||||||
|
|
||||||
# Playbook and role specific inventory hosts and groups
|
# Playbook and role specific inventory hosts and groups
|
||||||
[ipaserver]
|
[ipaserver]
|
||||||
ipa001 ansible_host=10.100.1.110
|
ipa001 ansible_host=10.100.1.110
|
||||||
@ -22,3 +19,6 @@ ipa002 ansible_host=10.100.1.111
|
|||||||
[ipaclients]
|
[ipaclients]
|
||||||
build-a-box ansible_host=10.100.1.112
|
build-a-box ansible_host=10.100.1.112
|
||||||
|
|
||||||
|
[ipsilon]
|
||||||
|
idp001 ansible_host=10.100.x.x
|
||||||
|
|
||||||
|
51
ansible/playbooks/role-rocky-ipsilon.yml
Normal file
51
ansible/playbooks/role-rocky-ipsilon.yml
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
---
|
||||||
|
# Stands up an ipsilon instance for simple SSO
|
||||||
|
- name: Configure ipsilon server
|
||||||
|
hosts: ipsilon
|
||||||
|
become: true
|
||||||
|
vars_files:
|
||||||
|
- vars/encpass.yml
|
||||||
|
|
||||||
|
# This is to try to avoid the handler issue in pre/post tasks
|
||||||
|
handlers:
|
||||||
|
- include: handlers/main.yml
|
||||||
|
|
||||||
|
pre_tasks:
|
||||||
|
- name: Check if ansible cannot be run here
|
||||||
|
stat:
|
||||||
|
path: /etc/no-ansible
|
||||||
|
register: no_ansible
|
||||||
|
|
||||||
|
- name: Verify if we can run ansible
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "not no_ansible.stat.exists"
|
||||||
|
msg: "/etc/no-ansible exists - skipping run on this node"
|
||||||
|
|
||||||
|
- name: Install arrfab ipsilon repo
|
||||||
|
yum_repository:
|
||||||
|
name: copr:copr.fedorainfracloud.org:arrfab:noggin
|
||||||
|
description: Copr repo for noggin owned by arrfab
|
||||||
|
file: copr_repos
|
||||||
|
baseurl: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/epel-8-$basearch/
|
||||||
|
gpgcheck: true
|
||||||
|
gpgkey: https://download.copr.fedorainfracloud.org/results/arrfab/noggin/pubkey.gpg
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: rockylinux.ipsilon
|
||||||
|
state: present
|
||||||
|
|
||||||
|
post_tasks:
|
||||||
|
- name: Touching run file that ansible has ran here
|
||||||
|
file:
|
||||||
|
path: /var/log/ansible.run
|
||||||
|
state: touch
|
||||||
|
mode: '0644'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: "Turn on reverse zone syncing"
|
||||||
|
freeipa.ansible_freeipa.ipadnsconfig:
|
||||||
|
ipaadmin_password: '{{ ipaadmin_password }}'
|
||||||
|
allow_sync_ptr: true
|
@ -6,3 +6,6 @@ ipaadmin_password: !vault |
|
|||||||
ipadm_password: !vault |
|
ipadm_password: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
REDACTED
|
REDACTED
|
||||||
|
ipsilon_db_password: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
REDACTED
|
||||||
|
@ -5,6 +5,9 @@ roles:
|
|||||||
# monitoring
|
# monitoring
|
||||||
- name: cloudalchemy.node-exporter
|
- name: cloudalchemy.node-exporter
|
||||||
- name: cloudalchemy.prometheus
|
- name: cloudalchemy.prometheus
|
||||||
|
- name: rockylinux.ipsilon
|
||||||
|
src: https://github.com/rocky-linux/ansible-role-ipsilon
|
||||||
|
version: master
|
||||||
|
|
||||||
collections:
|
collections:
|
||||||
# freeipa
|
# freeipa
|
||||||
|
Loading…
Reference in New Issue
Block a user